Working with the Apache httpd web server we should consider how we deal with “page not found” errors or other HTTP error messages. We will be working with Apache 2.2 on CentOS 6.5 for the demonstration and we will show first how we can control server tokens on the standard messages and then create or own custom messages. We will be working as root for the full demonstration. The web pages are access through FireFox on a win32 platform.
The standard Apache page not found error will display similar to this:
This is Ok but some might say we are disclosing too much information; creating out own custom pages will get rid of this straight away but if we do not want to do this we can either use the directive
ServerSignature Off
If we want less information to show then use:
ServerSignature On ServerTokens ProductOnly
As the setting says it will display the Apache Product name only and the not the version or OS information.
If we want to create our own custom page then we should use either:
ErrorDocument 404 "Sorry page could not be located"
or
ErrorDocument 404 /not_found.html
The second method is preferred as we can more easily manage site navigation and branding with our full html file